Luke's Linux Lessons

Please visit https://lukeslinux.co.uk/ for a more active and updated site

htaccess

Written by LukeS on December 7th, 2014 / January 8th, 2015.

Quick Links:
.htaccess for apache
mod_rewrite for .htaccess apache
.htpasswd file
nginx http auth (.htaccess equivalent)
mod_rewrite for nginx
Securing phpmyadmin centos

 

htaccess for apache

.htaccess can be used to password-protect a location, for example the wp-admin login for WordPress. For Apache to honour the .htaccess file, the directory it sits in must be allowed to override the main configuration with AllowOverride All. This needs to be configured in the Apache config file AND the vhost itself. You may have to uncomment the section in the /etc/httpd/conf/httpd.conf file. The section looks similar to:

# AllowOverride controls what directives may be placed in .htaccess files
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride All

 

The vhost will need AllowOverride All (which controls what directives may be placed in .htaccess files) placed in a similar location to:

<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
# Uncomment this directive if you want to see apache2's
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/
</Directory>

This example shows the .htaccess file being used to protect the specific file that admins use to log into the WordPress site (wp-login.php). You can change this to whatever file you wish to protect. Add this section to the file:

<Files wp-login.php>
AuthUserFile /var/www/html/.htpasswd
AuthType Basic
AuthName "hello"
Require valid-user
</Files>

 

Mod_rewrite apache

Mod_rewrite needs to be used for WordPress sites if you wish to change the shortlink. For example, this page has the address: http://lukeslinuxlessons.co.uk/004-htaccess/

Without mod_rewrite the page may be numbered something like page-10 rather than use the title of the page. Add the following code to enable mod_rewrite:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

 

.htpasswd

You should avoid having this file in the same directory as the .htaccess. It is better to keep it one level up from the .htaccess (e.g. /var/www/html/ rather than /var/www/html/LukesLinuxLessons.co.uk/), so that it sits outside the directory the site is served from.

This file holds the user list and the hashed passwords that are used to authenticate users before they are granted access to the password-protected area.

You can use an online generator to produce the .htpasswd username and hashed password or you can do it via the command line.

Example:

lukeshirnia:$apr1$w9Kl3$7UO9dsadqfNWkXufX.j8/

webdeveloper:dhaNI0w8ajGTUskliasun(U*&HKks/
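
Whichever way the entries were produced (online generator or command line), it is worth checking which hash scheme each line of the .htpasswd file actually uses. The script below is an added example, not part of the original post: it classifies entries by the hash formats htpasswd can write (bcrypt, $apr1$ MD5, {SHA}, DES crypt) and rejects anything else. The verdict labels and the sample entries are constructed for illustration.

```python
import base64
import hashlib
import re

C = r"[./A-Za-z0-9]"   # alphabet used by crypt-style hashes
# (scheme, pattern, verdict); the verdict labels are this example's own
SCHEMES = [
    ("bcrypt", re.compile(rf"^\$2[aby]\$\d{{2}}\${C}{{53}}$"), "ok"),
    ("apr1-md5", re.compile(rf"^\$apr1\${C}{{1,8}}\${C}{{22}}$"), "legacy"),
    ("sha1", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "weak"),
    ("des-crypt", re.compile(rf"^{C}{{13}}$"), "weak"),
]

def classify(hash_field):
    """Return (scheme, verdict) for the hash part of one entry."""
    for scheme, pattern, verdict in SCHEMES:
        if pattern.match(hash_field):
            return scheme, verdict
    return "unrecognised", "reject"    # plaintext, truncated or corrupted

def audit(text):
    """Return [(line_no, user, scheme, verdict)] for each entry in text."""
    rows = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                   # blank lines and comments are skipped
        user, sep, rest = line.partition(":")
        if not sep or not user:
            rows.append((no, user, "no user:hash pair", "reject"))
            continue
        # anything after a second colon is a comment field, not part of the hash
        rows.append((no, user, *classify(rest.split(":")[0])))
    return rows

# Constructed sample: format-valid filler hashes, not real credentials.
SAMPLE = "\n".join([
    "# staff logins",
    "alice:$2y$10$" + "a" * 53,
    "bob:$apr1$w9Kl3abc$" + "b" * 22,
    "carol:{SHA}" + base64.b64encode(hashlib.sha1(b"example").digest()).decode(),
    "dave:hunter2",
    "erin",
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```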

 

htaccess for nginx (http auth)

nginx does not support .htaccess. More information on why it doesn't can be found at the following link: http://www.nginxtips.com/why-doesnt-nginx-support-htaccess-files/

If you are lazy and you already have a .htaccess file then you can use the following link to convert that into nginx format: htaccess to nginx

The standard format for the nginx equivalent of the .htaccess protection would be:

location ^~ /secret_directory/ {
auth_basic "Restricted";
auth_basic_user_file /var/www/html/.htpasswd;
}

 

You add this code to the vhost (server block), change /secret_directory/ to the location or file you wish to protect, restart/reload nginx and you are done!

Just in case you are still confused, the following code is what I use for my website:

# nginx configuration
location /wp-login.php {
auth_basic_user_file /var/www/html/.htpasswd;
auth_basic "hello";
}

Please note: you will still need the .htpasswd file and will need to specify its location.
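
Whether auth_basic is applied depends on which location block nginx selects for the request, and the two forms shown above (^~ prefix and plain prefix) are selected differently. The sketch below is an added example, not code from the original page: it mimics nginx's location selection order in Python. The `~ \.php$` PHP handler location and the `=` variant are assumptions about the rest of the server block.

```python
import re

def pick_location(locations, uri):
    """Return the (modifier, pattern, has_auth) entry nginx would use for uri.

    locations is a list in config-file order; modifier is "", "=", "^~", "~" or "~*".
    """
    best = None
    for loc in locations:
        mod, pat = loc[0], loc[1]
        if mod == "=" and uri == pat:
            return loc                      # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = loc                  # remember the longest prefix match
    if best is not None and best[0] == "^~":
        return best                         # ^~ means: do not try regex locations
    for loc in locations:
        mod, pat = loc[0], loc[1]
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return loc                      # first matching regex, in file order
    return best

# Assumed PHP handler location; it carries no auth_basic of its own.
PHP = ("~", r"\.php$", False)

# The page's wp-login.php block: plain prefix location with auth_basic.
as_written = [("", "/", False), ("", "/wp-login.php", True), PHP]
# Same path as an exact-match location (the PHP handler directives would
# then have to be repeated inside that block).
exact = [("", "/", False), ("=", "/wp-login.php", True), PHP]
# The page's "standard format": ^~ prefix on a directory
# (requests under it also skip the regex PHP handler).
standard = [("", "/", False), ("^~", "/secret_directory/", True), PHP]

def auth_applies(locations, uri):
    """True when the selected location is one that carries auth_basic."""
    loc = pick_location(locations, uri)
    return bool(loc and loc[2])

if __name__ == "__main__":
    print(auth_applies(as_written, "/wp-login.php"))
    print(auth_applies(exact, "/wp-login.php"))
    print(auth_applies(standard, "/secret_directory/tool.php"))
```

On a live server the same question is answered by requesting the protected URL without credentials and confirming that nginx returns 401.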

 

mod_rewrite for nginx

For the nginx equivalent of mod_rewrite you will need the following code:

try_files $uri $uri/ /index.php?$args;

 

phpMyAdmin .htaccess

CentOS

To password protect phpMyAdmin you should edit /etc/httpd/conf.d/phpMyAdmin. In this file you should then add the following code:

AuthType Basic
AuthName "Enter account information"
AuthUserFile /var/www/html/.htpasswd
Require valid-user

AuthUserFile – this should reference the .htpasswd password file you have set up previously

 
